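Azure CDN - Custom Domain SSL via the Resource Manager API

Time: 2017-04-04 21:21:56

Tags: powershell dns azure-resource-manager azure-cdn azure-sdk

Using the latest Azure PowerShell SDK, but it still seems I can't create Custom SSL Domains for CDNs in Azure via API Management. We have 100 subdomains to create, and need to be able to script the creation of this task for future extensibility.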


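Since the SDK has no support, does anyone know how to toggle this flag via the REST API? We are using the New-AzureRmCdnCustomDomain cmdlet.

1 answer:

Answer 0: (score: 2)

Update: The AzureRM 6.13.0 module and the new Az modules (including Az.Cdn) now support this with cmdlets. See Enable-AzureCdnCustomDomain (AzureRM.Cdn) or Enable-AzCdnCustomDomain (Az.Cdn).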

docs.microsoft.com documents the REST API for enabling HTTPS on a custom domain:

Enable Custom Https

Enable https delivery of the custom domain.

POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/endpoints/{endpointName}/customDomains/{customDomainName}/enableCustomHttps?api-version=2017-10-12

Before using the Azure REST API, you need to acquire an access token:

Generating an access token using PowerShell:

# Quote the URI: an unquoted "<TenantID>" and "?" are not parsed as a plain string argument
$Token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0" -Method Post -Body @{
    "grant_type" = "client_credentials"
    "resource" = "https://management.core.windows.net/"
    "client_id" = "<application id>"
    "client_secret" = "<password you selected for authentication>"
}
     

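The response includes an access token, information about how long that token is valid, and information about which resource you can use that token for. The access token you received in the previous HTTP call must be passed in for all requests to the Resource Manager API. You pass it as a header value named "Authorization" with the value "Bearer YOUR_ACCESS_TOKEN". Notice the space between "Bearer" and your access token.

The client ID is obtained by creating an app registration in Azure AD, and the client key is generated in the "Keys" section of the app registration you created. This can be combined into a solution like this: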

$subscriptionId = "..."
$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."

# Quote the URI: an unquoted "<TenantID>" and "?" are not parsed as a plain string argument
$Token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0" -Method Post -Body @{
    "grant_type" = "client_credentials"
    "resource" = "https://management.core.windows.net/"
    "client_id" = "<application id>"
    "client_secret" = "<password you selected for authentication>"
}

$header = @{
     "Authorization"= "Bearer $($Token.access_token)"
 }

Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2016-10-02"

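If you don't need an automated script, you can log in manually using a GUI (no app registration needed) with this modified sample (based on Source). It requires the AzureRM module, which can be installed using Install-Module AzureRM: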

Function Login-AzureRESTApi {

    Import-Module AzureRM.Profile

    # Load ADAL Azure AD Authentication Library Assemblies
    $modulepath = Split-Path (Get-Module -Name AzureRM.Profile).Path
    $adal = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalforms = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
    $null = [System.Reflection.Assembly]::LoadFrom($adal)
    $null = [System.Reflection.Assembly]::LoadFrom($adalforms)

    # Login to Azure
    $Env = Login-AzureRmAccount

    # Select Subscription
    $Subscription = (Get-AzureRmSubscription | Out-GridView -Title "Choose a subscription ..." -PassThru)
    $adTenant = $Subscription.TenantId
    $global:SubscriptionID = $Subscription.SubscriptionId

    # Client ID for Azure PowerShell
    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2"

    # Set redirect URI for Azure PowerShell
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"

    # Set Resource URI to Azure Service Management API | @marckean
    $resourceAppIdURIASM = "https://management.core.windows.net/"
    $resourceAppIdURIARM = "https://management.azure.com/"

    # Set Authority to Azure AD Tenant
    $authority = "https://login.windows.net/$adTenant"

    # Create Authentication Context tied to Azure AD Tenant
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    # Acquire token
    $global:authResultASM = $authContext.AcquireToken($resourceAppIdURIASM, $clientId, $redirectUri, "Auto")
    $global:authResultARM = $authContext.AcquireToken($resourceAppIdURIARM, $clientId, $redirectUri, "Auto")

} 

$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."

Login-AzureRESTApi

# Reuse the subscription selected during login (the URI below reads $subscriptionId)
$subscriptionId = $global:SubscriptionID

$header = @{
     "Authorization"= $global:authResultARM.CreateAuthorizationHeader()
 }

Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2017-10-12"
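
The question asks about scripting this for many subdomains. The following is an added example, not code from the answer: it wraps the same token request and enableCustomHttps call in a loop that reports success or failure per domain, and reads the client secret from the environment instead of the script source. The function names and the AZ_* environment variables are hypothetical, and reading properties.customHttpsProvisioningState from the response assumes the call returns the custom domain resource.

```powershell
# Added example. Function names and AZ_* environment variables are hypothetical.
function Get-ArmToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # Same client-credentials request as in the answer, with the URI quoted
    $resp = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token?api-version=1.0" `
        -Body @{
            grant_type    = "client_credentials"
            resource      = "https://management.core.windows.net/"
            client_id     = $ClientId
            client_secret = $ClientSecret
        }
    return $resp.access_token
}

function Enable-CustomHttpsBulk {
    param(
        [string]$SubscriptionId, [string]$ResourceGroupName,
        [string]$ProfileName, [string]$EndpointName,
        [string[]]$CustomDomainNames, [string]$AccessToken
    )
    $header = @{ Authorization = "Bearer $AccessToken" }
    $base = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
            "/providers/Microsoft.Cdn/profiles/$ProfileName/endpoints/$EndpointName/customDomains"
    foreach ($name in $CustomDomainNames) {
        $uri = "$base/$name/enableCustomHttps?api-version=2017-10-12"
        try {
            $r = Invoke-RestMethod -Method Post -Headers $header -Uri $uri
            # Assumption: the response body is the custom domain resource
            [pscustomobject]@{ Domain = $name; Ok = $true; Detail = $r.properties.customHttpsProvisioningState }
        } catch {
            # One failed domain does not stop the rest; the token is never written to output
            [pscustomobject]@{ Domain = $name; Ok = $false; Detail = $_.Exception.Message }
        }
    }
}

# The secret comes from the environment, so it is not stored in the script or source control
$token = Get-ArmToken -TenantId $env:AZ_TENANT_ID -ClientId $env:AZ_CLIENT_ID -ClientSecret $env:AZ_CLIENT_SECRET
$names = @("...", "...")   # custom domain resource names, placeholders as in the answer
Enable-CustomHttpsBulk -SubscriptionId "..." -ResourceGroupName "..." -ProfileName "..." `
    -EndpointName "..." -CustomDomainNames $names -AccessToken $token | Format-Table
```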